Malware hits Apple App Store after XcodeGhost attack

The attack used a fake version of Apple's Xcode software to inject legitimate apps with malicious code

Hundreds of legitimate apps in the iOS App Store have been infected with malicious code, with Apple scrabbling to shut down the first large-scale breach of the software that runs iPhones and iPads.

The attack worked by tricking developers into using a fake version of Xcode, Apple's software development tool, to build apps.

Known as XcodeGhost, the malicious version of the development tool injected extra code into scores of legitimate apps, with Chinese security firm Qihoo360 Technology Co reporting at least 344 known exploits, according to Business Insider. This code could then sneak through Apple's formerly watertight submission process.

In a statement issued to Reuters, Apple said it was working with developers to make sure they were using the "proper version" of Xcode to build their apps.

How the hackers tricked developers into using the rogue version of Xcode remains unclear. The software is free to download from Apple's Mac App Store but it could be that Chinese developers were fooled into using an alternative download that claimed to be quicker.

Affected apps included WeChat, a popular messaging app in China, car-hailing app Didi Kuaidi and music app NetEase Cloud Music. All the apps known to have been affected by the attack are only available on the Chinese App Store.

No examples of data theft have been reported as a result of the hack. Palo Alto Networks, one of the security firms that first reported the breach, said the malicious code didn't have the access to do very much. Data gathered by the malicious code included the current time, name of the device and network type.

But future attackers could take a similar approach to bypass Apple's security and launch more damaging hacks. Anyone concerned should ensure all their iOS apps are updated to the latest version.